Currently, many Internet protocols do not require any form of authentication for access. The most widely publicized abused protocols is email, i.e., the simple mail transfer protocol (SMTP), in the form of SPAM. The same abuses occur with web servers where access is either granted to anyone or requires a login procedure or certificate (X.500). What is absent is a simple method for a person using a program to grant permission for a specific entity to access the resources, i.e., Internet protocol-based services. The email example is perhaps the best because it demonstrates the notion of what might be thought of as a virtual resource. Consider an individual user having an email address of <<john.doe@isp.net>>. The user may not actually control the email server and does not control the resource in the conventional sense; however, when the user receives unwanted email, there exists an undesirable and negative impact on resources, i.e., the user's time (and unwanted frustrations associated with the unwanted email), bandwidth between the client machine and the ISP/mail server, the mail server processor and memory usage, and bandwidth usage on various parts of the Internet.
The user would like to never again receive any unwanted email. Existing software filters allow a client to accept only emails from specified email addresses or domains. This solution is not easily manageable, since it requires manually adding email addresses or domains to a list, sometimes known as a “white list”. If the user visits a web site and wishes to receive offers from this company via email, he must manually add this name to his white list either at the client or at his mail server.